Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Android malware potentially stole up to 450,000 pieces of personal data: Symantec

More than 3000 visits were made to fake app store, Android Express Play

A fake app store that steals personal information on Android devices may have potentially stolen between 75,000 and 450,000 pieces of personal data such as contact details, according to security firm Symantec.

Not long after Symantec discovered Android.Exprespam, the security firm acquired data that indicated more than 3000 visits were made to the fake app store called Android Express’s Play from 13-20 January.

“The scam has only been around for about two weeks so I am sure that this is just the beginning for the scammers and the amount of personal data collected will increase exponentially,” Joji Hamada, a Symantec employee, wrote in a blog post.

Symantec has found another version of the fake app store, with the domain registed by the Exprespam scammers. The store has not been given a name and appears to still be under construction. However, the security firm warns that a new malware variant is being hosted in the site.

“The scammers are constantly modifying their tactics so that the scam provides a good ‘return’ for them. These updates will not end until the scammers either are caught by the authorities and punished or cease scamming people, which is unlikely to happen anytime soon,” Hamada wrote.

For all smartphone users, the research firm suggests to only download apps from well-known app vendors, avoid clicking on links in emails from unknown sources and install a security app.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Symantec
References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Android.Exprespam, security, Android Express’s Play, Android, malware
Latest Blog Posts
Whitepapers
  • Top 20 Critical Security Controls - Compliance Guide
    Simply being compliant is not enough to mitigate attacks and protect critical information. Organizations can reduce chances of compromise by shifting away from a compliance-driven approach. This guide provides the Top 20 Critical Security Controls (CSCs) developed by the SANS Institute to address the need for a risk-based approach to security.
    Learn more »
  • Rebranded Quadmark revamps its IT solutions with Google Apps
    The Singapore office was using Exchange as its email server but encountered various issues such as storage capacity limitations and difficulty in managing spam. Adding new users to the server was also a hassle that often required a third party vendor, resulting in a waste of time and resources. Quadmark also experienced email performance issues that slowed down their employees’ response time, leading to frustration among staff and clients. Quadmark’s management felt that it was unacceptable to continue it’s current solution and thus decided to streamline its IT infrastructure alongside its rebranding plans. The business wanted a unified and consolidated email service for its various offices. Quadmark also wanted to be able to house files and documents on the cloud.
    Learn more »
  • 5 Best practices to make security everyone’s business
    Employees are one of your greatest risks to information security. We share five proven techniques to strengthen your security strategy and protect your business.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments